JPEG2000 as a defense against attacks using adversarial examples

2018-10-11
Adversarial examples have a negative effect on the performance of classifiers which have otherwise good performance on undisturbed images. These examples are generated by adding non-random noise to the test samples in order to fool the classifier. Adversarial attacks use these intentionally generated examples and they pose a security risk to the machine learning based systems. It has recently been shown that JPEG compression is effective against such attacks and classification accuracy on adversarial images is recovered when compression is increased. However, the accuracy drops when quantization becomes too aggressive. In this work, we propose using JPEG2000 as a defense mechanism as does not cause blocking artifacts and allow higher compression
GPU Technology Conference,9 - 11 October 2018

Suggestions

The Effects of JPEG and JPEG2000 Compression on Attacks using Adversarial Examples
Temizel, Alptekin; Taşkaya Temizel, Tuğba (2018-03-01)
Adversarial examples are known to have a negative effect on the performance of classifiers which have otherwise good performance on undisturbed images. These examples are generated by adding non-random noise to the testing samples in order to make classifier misclassify the given data. Adversarial attacks use these intentionally generated examples and they pose a security risk to the machine learning based systems. To be immune to such attacks, it is desirable to have a pre-processing mechanism which remove...
Image segmentation based on variational techniques
Duramaz, Alper; Ünver, Baki Zafer; Department of Electrical and Electronics Engineering (2006)
Recently, solutions to the problem of image segmentation and denoising are developed based on the Mumford-Shah model. The model provides an energy functional, called the Mumford-Shah functional, which should be minimized. Since the minimization of the functional has some difficulties, approximate approaches are proposed. Two such methods are the gradient flows method and the Chan-Vese active contour method. The performance evolution in terms of speed shows that the gradient flows method converges to the bou...
Image Annotation by Semi-Supervised Clustering Constrained by SIFT Orientation Information
Sayar, Ahmet; Yarman-Vural, Fatos T. (2008-10-29)
Methods developed for image annotation usually make use of region clustering algorithms. Visual codebooks are generated from the region clusters of low level features. These codebooks are then, matched with the words of the text document related to the image, in various ways. In this paper, we supervise the clustering process by using the orientation information assigned to each interest point of Scale-invariant feature transform (SIFT) features to generate a visual codebook. The orientation information pro...
Dynamic system modeling and state estimation for speech signal
Özbek, İbrahim Yücel; Demirekler, Mübeccel; Department of Electrical and Electronics Engineering (2010)
This thesis presents an all-inclusive framework on how the current formant tracking and audio (and/or visual)-to-articulatory inversion algorithms can be improved. The possible improvements are summarized as follows: The first part of the thesis investigates the problem of the formant frequency estimation when the number of formants to be estimated fixed or variable respectively. The fixed number of formant tracking method is based on the assumption that the number of formant frequencies is fixed along the ...
Single Image Noise Level Estimation Using Dark Channel Prior
Yeşilyurt, Aziz Berkay; Erol, Aybüke; Kamışlı, Fatih; Alatan, Abdullah Aydın (2019-09-22)
Noise level is required as an input parameter in various image processing applications. In this work, we use the dark channel prior (DCP) to estimate the noise level of an image degraded by additive white Gaussian noise. We develop an approximate model of the probability density function of the dark channel of the noisy image. Using this model, the noise level is determined with the maximum likelihood estimation method from the dark channel intensity values of the noisy image. The results show that our meth...
Citation Formats
A. E. Gündüz, A. Temizel, and T. Taşkaya Temizel, “JPEG2000 as a defense against attacks using adversarial examples ,” presented at the GPU Technology Conference,9 - 11 October 2018, Munich, Germany, 2018, Accessed: 00, 2021. [Online]. Available: https://hdl.handle.net/11511/87113.